Re: [gentoo-user] internal-sftp and logs files

Thu, 03 Mar 2011 09:39:32 -0800 

Good afternoon,

http://groups.google.com/group/comp.security.ssh/browse_thread/thread/ce30a1d9889dc2e2?pli=1
The tip above link to solve the problem. I had found this link, however I was creating the log file in the dev directory of the chroot user. With the command strace I noticed what was happening permission error file access.
Effectively you need only create the dev directory, the Log Files syslog-ng will automatically create. The log file is actually a socket file that syslog-ng will create. 

Solution:
My mistake was to manually create the log file in the dev directory of the chroot user. 

An example of directory is:
User: naira
Home directory: /var/www/naira.com.br

--> File sshd_config
Match Group customers
    ChrootDirectory %h
    ForceCommand internal-sftp-l VERBOSE f-AUTH

--> File syslog-ng.conf
source src {
    unix-stream("/dev/log");
    internal();
    unix-stream("/var/www/naira.com.br/dev/log");
};

# ls -lah /var/www/naira.com.br/
drwxrwxr-x  13 root     root     3.8K Mar  1 14:58 dev

Restart syslog-ng.

Thanks.

Naira Kaieski
Nucleo de Internet/Redes - Faccat
Linux Professional Institute - LPI000223834

Em 2/3/2011 14:05, Ivan Kharlamov escreveu:

2011/3/1 Naira Kaieski<na...@faccat.br>:

Good afternoon,

Staff set up openssh to direct users to a certain group members to a chroot
environment and these users will have access only to the server using sftp
protocol.

Put in the sshd_config file:
Match Group customers
    ChrootDirectory% h
    ForceCommand internal-sftp-l VERBOSE f-AUTH

Thus each user is directed to the chroot environment indicated in the
variable% h (home directory defined in / etc / passwd)

An example of directory is:
User: naira
Home directory: /var/www/naira.com.br

The problem is that I am not able to capture logs of the user group
"clients" that are targeted to the chroot environment. Access via
internal-sftp from other users who do not belong to the "client" I get the
logs in auth.log files.

I'm using syslog-ng.

Has anyone ever made this kind of setup?

Thanks,

--
Naira Kaieski
Nucleo de Internet/Redes - Faccat
Linux Professional Institute - LPI000223834




Hi!

Actually, I am incompetent at this area, but have you tried this?
http://groups.google.com/group/comp.security.ssh/browse_thread/thread/ce30a1d9889dc2e2

Best regards,
Ivan

Reply via email to